May 4th, 2022
Healthcare data breaches have been occurring at record levels, but not all privacy and security threats come from outside the organization. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HCC) recently issued a warning about insider threats.
What is an insider threat?
April 14th, 2022
Recently, the Director of the HHS’ Office for Civil Rights, Lisa J. Pino, issued a statement encouraging HIPAA covered entities and business associates to strengthen their cybersecurity posture this year in light of the increasing rates of cyberattacks across the healthcare industry.
The last year was particularly damaging for healthcare organizations due to hackers taking advantage of the COVID-19 pandemic.
March 15th, 2022
What is a HIPAA Consent Form?
A signed HIPAA consent form must be obtained from a patient before their protected health information (PHI) can be shared with any other individuals or organizations, except in the case of routine disclosures for treatment, payment or healthcare operations as permitted by the HIPAA Privacy Rule. The disclosure of medical records without a HIPAA authorization form is a HIPAA violation.
February 17th, 2022
This is a reminder that the HIPAA Breach reporting deadline is less than two weeks away, which means HIPAA breaches involving fewer than 500 individuals which occurred during 2021 must be reported to the U.S. Department of Health and Human Services (HHS) no later than Tuesday, March 1, 2022.
The HIPAA Breach Notification Rule places a strict time limit on the issuing of notifications and reporting of data breaches of individuals whose protected health information has been exposed. For breaches of PHI, notification letters to individuals affected must be sent within 60 days from the date of discovery and without reasonable delay.
February 8th, 2022
Most healthcare providers make every effort to ensure that HIPAA rules are followed, but sometimes accidents occur. What happens when there is an accidental HIPAA violation? How should an employee report an accidental HIPAA violation?
February 1st, 2022
The HIPAA Breach reporting deadline is less than a month away. Which means any breaches involving 500 individuals or less must be reported to the U.S. Department of Health and Human Services (HHS) no later than Monday, March 1, 2022.
What is a Data Breach?
January 6th, 2022
As we turn the page on 2021 and embark on 2022, many are hopeful that this year we will finally return to normalcy. But as Omicron surges across the nation at record breaking-rates, Americans have become tired and weary of what has seemed like a never-ending pandemic.
Government officials, hospitals, physicians, healthcare workers and employers have pleaded with Americans to protect themselves and others through vaccinations, boosters, social distancing and masking. But with all of the vaccination and mask mandates sparking controversy, there has been a degree of confusion regarding privacy rights and HIPAA when it comes to vaccination status.
February 11th, 2021
The HIPAA Breach reporting deadline is less than a month away. Which means any breaches involving 500 individuals or less must be reported to the U.S. Department of Health and Human Services (HHS) no later than Monday, March 1, 2021.
November 23rd, 2020
Crimes of opportunity have been increasing during the COVID-19 pandemic, and cybercrime is no exception. The FBI recently reported that cyberattacks have increased to as much as 4,000 more per day, representing a 400% increase from pre-coronavirus numbers.
Cybercriminals are using phishing attacks, malspam, and Ransomware to send fraudulent emails regarding COVID-19 as bait. They are preying on the vulnerable and their anxieties created by COVID-19. While health care facilities and providers have been busy providing care to COVID patients, they have been overwhelmingly targeted by attackers. Regardless of your practice size or location, there are ways to help safeguard your practice almost immediately.
October 26th, 2020
The COVID-19 pandemic has not only infected the entire globe with a health crisis like never seen before. It has changed our lives, families, businesses, work and our security. It has brought about new risks and challenges in the workplace, with cyberspace being no exception.
October 8th, 2020
COVID-19 has forced millions of individuals nationwide to work from their homes, enabling them to social distance and reduce the risk of virus transmission. In fact, research by Gallop found that three in five U.S. workers have been telecommuting during the coronavirus pandemic.
While telecommuting can provide many benefits, it can also pose significant challenges for healthcare organizations required to follow Health Insurance Portability and Accountability Act’s (HIPAA) rules and guidelines.
September 15th, 2020
Recently, there has been some confusion on whether or not the utilization of personal health information (PHI) to contact patients who have recovered from COVID-19 to provide them with information about donating blood and plasma donations would be permitted under the HIPAA Privacy Rule.
August 31st, 2020
The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued guidance and clarity regarding disclosures of protected health information (PHI) during the Coronavirus (COVID-19) global pandemic.
March 18th, 2020
Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency
February 13th, 2020
A recent report from Proofpoint provides insights into the most common attacks faced by healthcare organizations. To help better understand the evolving cyberthreat landscape, the report analyzed a year of cyberattacks against healthcare providers, pharmaceutical and life sciences organizations, and health insurers between 2018-2019.
February 5th, 2020
On January 28, 2020, The Department of Health and Human Services (HHS) released a notice regarding legislative modifications made to the HIPAA Omnibus Final Rule of 2013.
February 4th, 2020
In light of the Novel Coronavirus (2019-nCoV) outbreak, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) is providing this bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways that patient information may be shared under the HIPAA Privacy Rule in an outbreak of infectious disease or other emergency situation, and to serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency.
January 20th, 2020
The US Department of Health and Human Services just released an emergency directive to notify the Health and Public Health Sector of significant vulnerabilities identified in the Microsoft Windows Operating Systems.
January 6th, 2020
Cyberterrorism is on the rise, and this includes phishing attacks. According to a recent report from Verizon, 90% of all data breaches are linked to phishing attacks. With the average cost of a successful phishing attack for a medium-sized business totalling $1.6 million, it is critical to ensure employees are educated on how to identify these scams before they cause catastrophic damage.
December 16th, 2019
As the holiday season draws near, MedSafe urges healthcare organizations and employees to be aware of online scams. Phishing attacks are on the rise with the highest rates since 2016, according to the Phishing Activity Trends Report.